If you’ve tried to install OSSEC on OS X Mountain Lion, you probably attempted to install it using the command line compiler bundled with XCode and run into the error message:
sha_locl.h:261: error: unsupported inline asm: input constraint with a matching output constraint of incompatible type!After a bit of research, it seems there is an issue with the llvm-based compiler Apple is using.
However, by using Apple’s compiler to build standard gcc, you can then use the result to successfully install OSSEC.
Install XCode 4.5
If you’re starting from scratch, you’ll need XCode 4.5 and it’s command line compiler:
- Download and install XCode 4.5 from the App store (It’s now a free download)
- Launch XCode, and go to Preferences, then Downloads. Next to “Command Line Tools”, choose Install.
- After the command line tools are installed, close XCode and open a terminal.
- To verify your install of the command line tools, type “gcc” and return. The result should be similar to the following:
-
bash-3.2$ gcc
i686-apple-darwin11-llvm-gcc-4.2: no input files
This indicates you’ve got Apple’s llvm based compiler installed.
Build gcc from source
Now you can build gcc. I used this tutorial by Sol at the Solarian Programmer blog for building gcc 4.6.2 on Lion to successfully build 4.6.3 on Mountain Lion. Here’s a condensed version:
- Download:
- gcc 4.6.3 (gcc-4.6.3.tar.gz) – I believe you can use a stable version of 4.7 as well
- gmp 5.0.5 (gmp-5.0.5.tar.bz2)
- mpfr 3.1.1 (mpfr-3.1.1.tar.bz2)
- mpc 1.0.1 (mpc-1.0.1.tar.gz)
- Uncompress and untar each into your ~/Downloads directory by double clicking them in Finder to launch Archive Utility.
- Compile gmp in the terminal using the following commands:
sh-3.2# cd ~/Downloads/gmp-5.0.5/
sh-3.2# mkdir build
sh-3.2# cd build
sh-3.2# ../configure --prefix=$HOME/my_gcc
sh-3.2# make
sh-3.2# make install - Compile mpfr
sh-3.2# cd ~/Downloads/mpfr-3.1.1/
sh-3.2# mkdir build
sh-3.2# cd build
sh-3.2# ../configure --prefix=$HOME/my_gcc --with-gmp=$HOME/my_gcc
sh-3.2# make
sh-3.2# make install - Compile mpc
sh-3.2# cd ~/Downloads/mpc-1.0.1/
sh-3.2# mkdir build
sh-3.2# cd build
sh-3.2# ../configure --prefix=$HOME/my_gcc --with-gmp=$HOME/my_gcc --with-mpfr=$HOME/my_gcc
sh-3.2# make
sh-3.2# make install - Finally, compile gcc (adjust the
make -j 4command for the number of cores you want to use)sh-3.2# cd ~/Downloads/gcc-4.6.3/
sh-3.2# mkdir build
sh-3.2# cd build
sh-3.2# ../configure --prefix=$HOME/my_gcc --enable-checking=release --with-gmp=$HOME/my_gcc --with-mpfr=$HOME/my_gcc --with-mpc=$HOME/my_gcc
sh-3.2# make -j 4
sh-3.2# make install
Replace Apple’s gcc with the one we just built
You should now have an executable in ~/my_gcc/bin called gcc. We need to substitute this gcc for the one that comes with XCode. I did that by temporarily copying Apple’s gcc to gcc2 and creating a symlink to the new gcc:
sh-3.2# sudo su
sh-3.2# cd /usr/bin
sh-3.2# cp gcc gcc2
sh-3.2# rm gcc
sh-3.2# ln -s /Users/jason/my_gcc/bin/gcc /usr/bin/gccNOTE: You probably don’t want to leave that symlink in place any longer than you have to, but it’s convenient to link to a home directory for the time being. Also, modify if your name isn’t Jason!
We can check that all is well by issuing:
sh-3.2# gcc -v
gcc version 4.6.3 (GCC)
Download OSSEC
At which point we’re ready to download OSSEC (I used 2.6 stable). After downloading, use Finder and Archive Utility (double click the downloaded file) to extract the tarball. Back in the terminal, we need to do some prebuild configuration.
Manually execute the account creation script
OSSEC seems to fail to correctly identify that it’s running on OS X, and during the account creation phase will attempt to use the “darwin-addusers.pl” script instead of “osx105-addusers.sh” script. We can get around this problem by running the right account creation script ourselves ahead of time.
sh-3.2# sudo su
sh-3.2# cd /Users/jason/Downloads/ossec-hids-2.6/src/init
sh-3.2# cp osx105-addusers.sh /Users/jason/
sh-3.2# chmod 755 /Users/jason/osx105-addusers.sh
sh-3.2# /Users/jason/osx105-addusers.sh
That should create the necessary accounts and groups for the rest of the install to go smoothly.
Install OSSEC
When the script is done, kick off OSSEC installation:
sh-3.2# cd /Users/jason/Downloads/ossec-hids-2.6/
sh-3.2# ./install.sh
and follow along with your favorite install guide. (Chapter 2 of the OSSEC Book should contain anything you might need.) I found mostly default settings to be satisfactory for my purposes.
Image may be NSFW.
Clik here to view.
Image may be NSFW.Clik here to view.
